summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Remove compilation warning: ret may be uninitializedHEADmasterPavel Březina2012-08-211-0/+2
|
* Unbreak build on RHEL5: replace ldap_destroy() with ldap_unbind_ext()Pavel Březina2012-08-211-1/+1
| | | | ldap_destroy() is not present in RHEL5
* Close LDAP connection when unable to install TLSPavel Březina2012-08-211-13/+13
| | | | | | | We were not closing LDAP connection when using SSL with invalid certificate. https://fedorahosted.org/sssd/ticket/1490
* accept_fd_handler: add missing returnSumit Bose2012-08-211-0/+1
|
* SYSDB: Make sysdb_attrs_get_el_int() publicStephen Gallagher2012-08-212-8/+10
| | | | Also rename it to sysdb_attrs_get_el_ext()
* Process all groups from a single nesting levelJakub Hrozek2012-08-211-4/+14
| | | | | | | | https://bugzilla.redhat.com/show_bug.cgi?id=846664 If the first group was cached when processing the nested group membership, we would call tevent_req_done, effectivelly marking the whole nesting level as done.
* Fix compilation error in Python murmurhash bindingsJakub Hrozek2012-08-162-4/+10
| | | | | | The compilation produced an error due to missing declaration of uint32_t and a couple of warnings caused by different prototypes of argument parsing functions in older Python releases.
* Only create the SELinux login file if there are mappings on the serverJakub Hrozek2012-08-162-51/+78
| | | | | | | | | | | https://fedorahosted.org/sssd/ticket/1455 In case there are no rules on the IPA server, we must simply avoid generating the login file. That would make us fall back to the system-wide default defined in /etc/selinux/targeted/seusers. The IPA default must be only used if there *are* rules on the server, but none matches.
* Do not try to remove the temp login file if already renamedJakub Hrozek2012-08-161-2/+3
| | | | | | | | | write_selinux_string() would try to unlink the temporary file even after it was renamed. Failure to unlink the file would not be fatal, but would produce a confusing error message. Also don't use "0" for the default fd number, that's reserved for stdin. Using -1 is safer.
* Build SELinux code in responder conditionallyJakub Hrozek2012-08-161-0/+7
| | | | https://fedorahosted.org/sssd/ticket/1480
* Fix LOCAL domain lookupsPavel Březina2012-08-151-19/+22
| | | | | | https://fedorahosted.org/sssd/ticket/1436 Now subdomains are not evaluated for local domains.
* Add python bindings for murmurhash3Sumit Bose2012-08-154-3/+184
|
* KRB5: Only return PAM error for unreachable kpasswd when performing chpassJakub Hrozek2012-08-151-2/+4
| | | | https://fedorahosted.org/sssd/ticket/1452
* FO: Return EAGAIN if there are more servers to tryJakub Hrozek2012-08-151-0/+9
| | | | | The caller should issue a next request, which would just shortcut with ENOENT.
* FO: Don't retry the same server if it's not workingJakub Hrozek2012-08-151-2/+3
|
* Duplicate detection in fail over did not work.Michal Zidek2012-08-159-15/+69
| | | | https://fedorahosted.org/sssd/ticket/1472
* sss_client: Group lookups should work even when fastcache cannot be initializedJakub Hrozek2012-08-131-8/+2
| | | | https://fedorahosted.org/sssd/ticket/1415
* Add autofs-related options to configAPIJakub Hrozek2012-08-132-1/+12
| | | | https://fedorahosted.org/sssd/ticket/1478
* MAN: Improve description of ldap_*_search_base optionsStephen Gallagher2012-08-104-96/+63
| | | | | It was ambiguous that these options supported the new multiple search base format, as well as the search filters.
* When ldap_group_nesting_level was reached, the LDAP provider tried to link ↵Michal Zidek2012-08-101-1/+45
| | | | | | group members with groups outside nesting limit. https://fedorahosted.org/sssd/ticket/1194
* Document entry_cache_autofs_timeoutJakub Hrozek2012-08-101-0/+14
|
* remove duplicate sss_obfuscate reference in seealso manpage sectionNick Guay2012-08-101-3/+0
|
* MAN: Fix minor typo in ldap_search_base sectionStephen Gallagher2012-08-101-1/+1
|
* Don't use server after SRV data collapsedJakub Hrozek2012-08-091-5/+8
|
* SRV resolution for backup servers should not be permitted.Michal Zidek2012-08-095-6/+37
| | | | https://fedorahosted.org/sssd/ticket/1463
* Change default for ldap_idmap_range_min to 200000Jakub Hrozek2012-08-094-4/+4
| | | | https://fedorahosted.org/sssd/ticket/1462
* Abort PAM access phase if HBAC does not return PAM_SUCCESSJakub Hrozek2012-08-091-0/+1
|
* Backward GOTOs rewritten into do-while loops.Ondrej Kos2012-08-092-245/+271
|
* Change default value of ldap_sasl_string to host/hostname@REALM in man page.Michal Zidek2012-08-091-1/+1
| | | | https://fedorahosted.org/sssd/ticket/1464
* Replaced "id_max" & "id_min"Ondrej Kos2012-08-081-4/+4
|
* Allocate on top of a talloc context, not NULLJakub Hrozek2012-08-081-0/+3
|
* Always mark SRV servers as primaryJakub Hrozek2012-08-071-0/+1
| | | | https://fedorahosted.org/sssd/ticket/1459
* Remove SYSDB_SUDO_CACHE_OC from attribute listsPavel Březina2012-08-072-2/+0
| | | | It is not an attribute.
* Rename SYSDB_SUDO_CACHE_AT_OC to SYSDB_SUDO_CACHE_OCPavel Březina2012-08-075-8/+8
| | | | | It does not contain name of the object class attribute but the value itself. I renamed it to avoid confusion.
* Remove redefinition of some SYSDB_* macrosPavel Březina2012-08-071-10/+0
|
* Subdomains: Send the DP reply in the correct formatJakub Hrozek2012-08-071-14/+41
| | | | | The DP was sending the reply in a format the responder did not expect, so the responder always failed to parse the message.
* monitor: set debug level when unable to load configurationPavel Březina2012-08-071-0/+6
| | | | | | | | | https://fedorahosted.org/sssd/ticket/1345 When the monitor is unable to load configuration and non debug level is set (e.g. when sssd is started via 'service'), none message was saved into logs. This patch forces debug messages to be written in this scenario.
* Failover: Return last tried server if it's still being triedJakub Hrozek2012-08-071-2/+6
| | | | | | | | | | | | | | | | | In the failover, we treat both KDC and LDAP on the IPA server as a single "port", numbered 0. This was done in order to make sure that the SSSD always talks to the same server for both LDAP and Kerberos. However, this clever hack breaks when the IPA provider needs to establish an GSSAPI encrypted LDAP connection because we're asking the fail over code to yield a server while no server has yet been marked as tried. This triggers a fail over for the KDC, so in effect, the TGT is received from second server. If the second server is not available for some reason, the whole provider goes offline. The fail over needs to detect that the server asked for is still being resolved and return the same pointer.
* Add end of line to debug messagePavel Březina2012-08-071-2/+2
|
* IPA: Securely set umask for mkstemp in subdomain providerStephen Gallagher2012-08-061-0/+3
| | | | https://fedorahosted.org/sssd/ticket/1457
* SYSDB: Use ldb_msg_add_string for simple string additionsJakub Hrozek2012-08-063-12/+12
|
* IPA: Do not attempt to close the same file twiceStephen Gallagher2012-08-061-1/+1
| | | | https://fedorahosted.org/sssd/ticket/1456
* shadow attributes can contain -1Pavel Březina2012-08-061-1/+1
| | | | https://fedorahosted.org/sssd/ticket/1393
* SYSDB: Check the return valueJakub Hrozek2012-08-061-0/+1
|
* Removed unused variable assignmentOndrej Kos2012-08-061-2/+0
| | | | https://fedorahosted.org/sssd/ticket/1453
* SSSDConfig: Fix nonfunctional SSSDDomain.remove_provider()Stephen Gallagher2012-08-052-0/+10
| | | | | | Also adds a regression test to the unit test suite. https://fedorahosted.org/sssd/ticket/1388
* Fix the version numberJakub Hrozek2012-08-031-1/+1
| | | | | The version number was set incorrectly to the value that should have been set when we release the 1.9.0 final version.
* tests: build sysdb ssh tests conditionallyPavel Březina2012-08-031-1/+4
|
* Fix various typos in documentation.Yuri Chornoivan2012-08-034-5/+5
|
* Don't call fo_set_{server,port}_status for SRV serversJakub Hrozek2012-08-031-2/+3
| | | | This bug was producing harmless, but annoying error messages.
generated by cgit (git 2.34.1) at 2024-04-26 18:10:13 +0000